Apple's Clash With FBI Risks Piercing Trust in EU Privacy Shield

(Bloomberg) -- Apple Inc.’s fight with the U.S. government over whether it can be forced to help unlock an iPhone has spilled across borders, threatening to delay a trans-Atlantic pact protecting European data from American eyes.

European Union privacy regulators promised to give their verdict next month on the so-called privacy shield deal, which toughens EU privacy protections where the U.S. is involved. The Apple case is raising concerns that the new plan doesn’t go far enough, regional politicians, officials and lawyers said. That in turn could mean more deliberation and push back the completion date.

Data-protection regulators will probably “be thinking about the FBI’s demands on Apple when reviewing the viability of the shield and its level of safeguards,” said Wim Nauwelaerts, a privacy lawyer at Hunton & Williams LLP in Brussels.

Europe has traditionally had tighter protections for personal data than in the U.S., and revelations by Edward Snowden showing the extent of American security agencies’ snooping into communications overseas have exacerbated tensions between the two regions. The EU was already struggling to garner support to ratify the shield when the fight between Apple and the FBI began last month and raised awareness of how far law enforcement can go to get around people’s encryption and security devices.

Commercial Reasons

Last month’s draft deal setting up the shield was designed to ensure European users’ data is safe from access in the U.S. when companies ship it across the Atlantic for commercial reasons.

The EU heralded the agreement, saying that, for the first time, the U.S. gave it binding assurances that law enforcement and national security would have strictly limited access to Europeans’ data. Among the proposed commitments was the creation of a special ombudsman in the U.S. State Department who would follow up on complaints and inquiries by individuals about data access.

The EU and U.S. were forced to the negotiating table after the EU’s highest court in October struck down a previous 15-year-old pact, called safe harbor, for failing to offer sufficient safeguards against security services.

The EU court found “that the access that U.S. authorities had to EU citizens’ data was too easy,” said Paul Bernal, a legal scholar at the University of East Anglia in England. If Apple loses the fight with the FBI and “authorities can effectively backdoor phones, that makes this access even easier.”

‘Just Terrible’

Viviane Reding, the EU’s former justice commissioner, said a recent case involving American demands for access to Hotmail messages held on Microsoft Corp.’s Irish servers shows that Europeans are right to be wary of the U.S.

Soon after the EU and U.S. heralded a separate deal last September on data privacy in law enforcement cooperation, “the U.S. Department of Justice argued in front of a U.S. Federal court to bypass existing legal frameworks between Europe and America,” she said. “That was the Microsoft case. This doublespeak is just terrible. Here we do have exactly the same problem with the Apple case.”

While the privacy shield gives Europeans stronger protections in some areas, said Reding, who is now a member of the European Parliament, “when it comes to the intelligence services, the text is the same as it was when I left office in 2014.” On bulk data collection, she said new exemptions have been added.

‘Clear Limitations’

The European Commission, which led negotiations with the U.S., insisted that the questions related to the Apple case aren’t comparable.

“The whole concept of the shield in relation to national security and law enforcement is to set out clear limitations and safeguards to what might be technically feasible for U.S. authorities,” said Christian Wigand, a spokesman for justice policy. “And we will of course hold the U.S. accountable to these strong commitments made through a monitoring and review system put in place through the shield."

Still, some regulators in the EU say the Apple case, and the issues at stake, makes it harder to rebuild lost confidence about data privacy.

‘Global Backlash’

“We are concerned about a global backlash in user trust, if companies can be forced to issue weak security versions of their products,” said Jacob Kohnstamm, head of the Dutch data protection authority, who sits on the panel of national officials known as the Article 29 Working Party.

After helping prosecutors unlock at least 70 iPhones, Apple last year stopped cooperating and said the company would no longer serve as the government’s helper. Apple claims its U.S. case could set a precedent and threaten other users by creating a program that will let the FBI get around the phone’s encryption.

Apple has already gained the backing of some of the industry’s biggest names, including Google parent Alphabet Inc., Facebook Inc. and Microsoft Corp.

Microsoft President Brad Smith said earlier this month that encryption is the most important technology to ensure security and that “the path to hell starts at the back door.”